NVIDIA GPU Driver Kernel Mode Layer contains Denial of Service and Information Disclosure Vulnerability
Overview
A high-severity vulnerability was found in the NVIDIA GPU Display Driver for both Windows and Linux. The flaw resides in the kernel mode driver component (`nvlddmkm.sys` on Windows, `nvidia.ko` on Linux) and can be triggered by a user-mode application sending specially crafted shader computations to the GPU. Improper input validation in the driver's handling of these inputs leads to an out-of-bounds read from kernel memory. A local attacker with low privileges can exploit this vulnerability to achieve two primary impacts: Denial of Service (DoS) by causing a system crash (Blue Screen of Death or kernel panic), or Information Disclosure by reading sensitive data from kernel memory. The disclosed data could include memory addresses, keys, or tokens, which could be used to bypass security mitigations like KASLR and facilitate further exploitation, potentially leading to full privilege escalation. This vulnerability poses a significant risk in multi-tenant cloud environments that utilize GPU sharing or virtualization, as a malicious tenant could crash the host or potentially access data from other tenants' processes.
Affected Systems
Testing Guide
1. Check your current NVIDIA driver version using the `nvidia-smi` command-line tool or the NVIDIA Control Panel.
2. Compare your installed version against the patched versions listed in the NVIDIA security bulletin.
3. If your version is lower than the patched version, your system is vulnerable.

There are publicly available proof-of-concept tools that can be used to trigger the crash on vulnerable systems for verification purposes in a controlled test environment.
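The three checks above, as an added shell example that is not part of the NVIDIA bulletin: it queries the installed driver version with `nvidia-smi` where that tool is present and compares it, component by component, against a patched version. The page does not list the patched version numbers, so `PATCHED_VERSION` is a placeholder to be replaced with the value from the bulletin for your driver branch; the `--query-gpu=driver_version --format=csv,noheader` flags are standard `nvidia-smi` options.

```shell
#!/bin/sh
# Added example (not from the NVIDIA bulletin): compare the installed NVIDIA
# driver version against the first patched version for its branch.
# PATCHED_VERSION is a placeholder; take the real value from the bulletin.

# version_lt A B: return 0 (true) when dot-separated version A is lower than B.
# Components are compared numerically; a missing component counts as 0, so
# 535.104 equals 535.104.0.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}
        bh=${b%%.*}
        ah=${ah:-0}
        bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then
            return 0
        elif [ "$ah" -gt "$bh" ]; then
            return 1
        fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# check_driver INSTALLED PATCHED: print a verdict; return 0 when vulnerable.
check_driver() {
    if version_lt "$1" "$2"; then
        printf 'VULNERABLE: installed %s is older than patched %s\n' "$1" "$2"
        return 0
    fi
    printf 'OK: installed %s is at or above patched %s\n' "$1" "$2"
    return 1
}

# installed_driver_version: print the running driver version via nvidia-smi,
# or return 1 when the tool is not available on this host.
installed_driver_version() {
    command -v nvidia-smi >/dev/null 2>&1 || return 1
    nvidia-smi --query-gpu=driver_version --format=csv,noheader | head -n 1 | tr -d ' \r'
}

PATCHED_VERSION=${PATCHED_VERSION:-999.999.99}   # placeholder, see the bulletin

if installed=$(installed_driver_version) && [ -n "$installed" ]; then
    check_driver "$installed" "$PATCHED_VERSION" || :
fi
```

Run it as `PATCHED_VERSION=<version from bulletin> sh check_nvidia.sh` on each host; `check_driver` returns 0 for a vulnerable host so the script can feed a fleet inventory job.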
Mitigation Steps
1. **Update NVIDIA Drivers:** Download and install the latest driver version from the NVIDIA driver downloads page or through your Linux distribution's package manager.
2. **Restrict GPU Access:** In multi-tenant or shared environments, use security mechanisms like NVIDIA MIG (Multi-Instance GPU) to isolate workloads. Limit direct GPU access to trusted users and processes.
3. **Monitor System Logs:** Regularly monitor kernel and system logs for unexpected crashes or errors related to the NVIDIA driver, which could indicate exploitation attempts.
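For the log-monitoring step, an added example (not from the NVIDIA bulletin) that pulls the driver's `NVRM: Xid` error reports out of a kernel log stream and raises an alert once their count reaches a threshold. The line shape matched by the `sed` expression is the usual `dmesg` form of these messages but is assumed here, and `SAMPLE_DMESG` is constructed test data rather than a capture from any real system; in production, pipe `dmesg` or the journal into `alert_if_xid` instead.

```shell
#!/bin/sh
# Added example (not from the NVIDIA bulletin): extract and count NVIDIA
# driver error reports (NVRM "Xid" lines) from a kernel log on stdin.
# SAMPLE_DMESG is constructed for this example; the line format is assumed.

SAMPLE_DMESG='[   12.345678] nvidia: loading out-of-tree module taints kernel.
[  980.112233] NVRM: Xid (PCI:0000:01:00.0): 31, pid=4242, name=render, Ch 00000008
[  980.112500] NVRM: Xid (PCI:0000:01:00.0): 13, pid=4242, name=render, Graphics Exception
[ 1200.000000] usb 1-1: new high-speed USB device number 3 using xhci_hcd'

# xid_events: read a kernel log on stdin; print "<pci-id> <xid> <pid>" per event.
xid_events() {
    sed -n 's/.*NVRM: Xid (PCI:\([^)]*\)): \([0-9][0-9]*\), pid=\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# count_xid_events: number of Xid events in the log on stdin.
count_xid_events() {
    xid_events | wc -l | tr -d ' '
}

# alert_if_xid THRESHOLD: read the log on stdin; print an alert and return 0
# when the event count reaches THRESHOLD, otherwise return 1.
alert_if_xid() {
    n=$(count_xid_events)
    if [ "$n" -ge "$1" ]; then
        printf 'ALERT: %s NVRM Xid event(s) in log window\n' "$n"
        return 0
    fi
    return 1
}

printf '%s\n' "$SAMPLE_DMESG" | xid_events
printf '%s\n' "$SAMPLE_DMESG" | alert_if_xid 1 || :
```

The per-event output keeps the PCI device id and the offending PID, which is what you need to tie a burst of driver faults back to one tenant or workload in a shared-GPU host.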
Patch Details
NVIDIA released updated drivers across all affected product lines to address this vulnerability. The patch adds improved bounds checking for shader inputs.